bug #20110: Lack of "legend" in nations/nation.ruleset leads to server segfault

Submitted by: Renato <rcbrgs>
Submitted on: Thu 30 Aug 2012 12:56:55 AM UTC

Category: rulesets
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Assigned to: None
Open/Closed: Open
Release: 
Operating System: Any
Planned Release: 


Mon 08 Oct 2012 02:56:17 AM UTC, comment #1:

It crashes already when loading rulesets, not when freeing them.

(gdb) bt
#0 __strlen_sse42 () at ../sysdeps/x86_64/multiarch/strlen-sse4.S:32
#1 0x00000000005ec579 in real_fc_strdup (str=0x0,
called_as=called_as@entry=0x634f53 "strdup", line=line@entry=3198,
file=file@entry=0x64f400 "src.patched/server/ruleset.c")
at src.patched/utility/mem.c:141
#2 0x00000000004a61db in load_ruleset_nations (file=file@entry=0xc09b40)
at src.patched/server/ruleset.c:3197
#3 0x00000000004acd88 in load_rulesetdir (rsdir=0xac9383 "classic")
at src.patched/server/ruleset.c:4680
#4 0x00000000004ae63e in load_rulesets () at src.patched/server/ruleset.c:4611
#5 0x000000000043de26 in srv_prepare () at src.patched/server/srv_main.c:2412
#6 srv_main () at src.patched/server/srv_main.c:2720
#7 0x000000000043530e in main (argc=1, argv=0x7fffffffe378)
at src.patched/server/civserver.c:453

Marko Lindqvist <cazfi>
Project Administrator
Thu 30 Aug 2012 12:56:55 AM UTC, original submission:

If a nation/nation.ruleset lacks a legend specification, the server crashes when the ruleset is loaded, without warnings, and running the server with -d 3 also does not give a clue about this.

I believe the problem is in common/nation.c, function nation_free, that has the following line:

free(pnation->legend);

since pnation->legend is undefined, this line attempts to free an unallocated pointer, leading to a segmentation fault. I have verified this by commenting this line and loading a ruleset with a nation missing its legend, and there is no segfault in this case.

A quick fix would check if pnation->legend is NULL before freeing it, but I think it is not unreasonable to think that future coders might assume pnation->legend is initialized, somewhere else. So a possible permanent solution is to assign an empty string to pnation->legend if none is specified in the nation.ruleset.

Renato <rcbrgs>
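The backtrace in comment #1 shows the real failure point: the "legend" key is missing, the lookup returns NULL, and the ruleset loader hands that NULL to a strdup wrapper, which dies in strlen(). The original submission proposes the fix of defaulting to an empty string when the key is absent. The following C program is an added illustration of that defensive pattern and is not Freeciv's code; the struct, the section lookup, and the function names (fc_strdup_or_empty, load_nation_legend, nation_free_legend, legend_loads_as) are hypothetical stand-ins for the real ruleset and nation APIs. It also shows the other half of the hardening: initialising the pointer to NULL so that free() (which the C standard defines as a no-op on NULL) is safe even when no legend was ever loaded.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the nation struct: only the field under
 * discussion is modelled (hypothetical, not Freeciv's real struct). */
struct nation_type {
  char *legend;
};

/* Constructed stand-in for a parsed ruleset section as key/value pairs.
 * Freeciv reads rulesets through its secfile API; this is a simplified
 * hypothetical lookup so the example runs stand-alone. */
struct ruleset_section {
  const char *keys[8];
  const char *values[8];
  int count;
};

/* Look up an optional key. Returns NULL when the key is absent, which is
 * exactly the value that reached strdup() in the reported crash. */
static const char *section_lookup(const struct ruleset_section *sec,
                                  const char *key)
{
  for (int i = 0; i < sec->count; i++) {
    if (strcmp(sec->keys[i], key) == 0) {
      return sec->values[i];
    }
  }
  return NULL;
}

/* Tolerant strdup: a NULL input is treated as "value not specified" and
 * yields an empty string, the default proposed in the bug report. */
static char *fc_strdup_or_empty(const char *s)
{
  const char *src = (s != NULL) ? s : "";
  size_t len = strlen(src) + 1;
  char *copy = malloc(len);
  if (copy == NULL) {
    return NULL; /* hypothetical: real code would log and abort here */
  }
  memcpy(copy, src, len);
  return copy;
}

/* Load the legend for one nation. Returns 0 on success, -1 on allocation
 * failure. pnation->legend is always left either NULL or a valid string. */
int load_nation_legend(struct nation_type *pnation,
                       const struct ruleset_section *sec)
{
  pnation->legend = fc_strdup_or_empty(section_lookup(sec, "legend"));
  return (pnation->legend != NULL) ? 0 : -1;
}

/* Release the legend. Because the field is initialised to NULL and reset
 * to NULL after freeing, this is safe to call on a nation that never got
 * a legend, and safe to call twice. */
void nation_free_legend(struct nation_type *pnation)
{
  free(pnation->legend);
  pnation->legend = NULL;
}

/* Constructed sample sections: one with a legend, one without. */
static const struct ruleset_section with_legend = {
  { "name", "legend" }, { "Sample", "A constructed legend." }, 2
};
static const struct ruleset_section without_legend = {
  { "name" }, { "Sample" }, 1
};

/* Returns 1 if loading sec yields a legend equal to expected and the
 * subsequent free calls complete, 0 otherwise. */
int legend_loads_as(const struct ruleset_section *sec, const char *expected)
{
  struct nation_type nation = { NULL };
  if (load_nation_legend(&nation, sec) != 0) {
    return 0;
  }
  int ok = (strcmp(nation.legend, expected) == 0);
  nation_free_legend(&nation);
  nation_free_legend(&nation); /* second call is a harmless no-op */
  return ok;
}

int main(void)
{
  printf("with legend:    %s\n",
         legend_loads_as(&with_legend, "A constructed legend.") ? "ok" : "FAIL");
  printf("without legend: %s\n",
         legend_loads_as(&without_legend, "") ? "ok" : "FAIL");
  return 0;
}
```

The point a reviewer would check in the real loader is the one the backtrace pins down: the value returned for an optional key must be substituted before it reaches any function that dereferences it, and the struct field must have a defined value (NULL) from allocation onward so that cleanup paths never see garbage.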

 

(Note: upload size limit is set to 1024 kB, after insertion of the required escape characters.)

Attach File(s):
   
   
Comment:
   

No files currently attached

 

Depends on the following items: None found

Items that depend on this one: None found

 

Carbon-Copy List
  • -unavailable- added by cazfi (Posted a comment)
  • -unavailable- added by rcbrgs (Submitted the item)
  •  

    Do you think this task is very important?
    If so, you can click here to add your encouragement to it.
    This task has 0 encouragements so far.

    Only logged-in users can vote.

     

    Please enter the title of George Orwell's famous dystopian book (it's a date):

     

     

    No Changes Have Been Made to This Item
    Show feedback again

    Back to the top


    Powered by Savane 3.1-cleanup